Change Your Passwords Post-Heartbleed

The much-covered Heartbleed vulnerability in OpenSSL has been detected, exploited, patched, and fixed on every major website by now, so it’s the perfect time to change your passwords.

Heartbleed is a security bug in OpenSSL’s implementation of the Transport Layer Security (TLS) protocol, specifically in its heartbeat extension. The defect permitted up to 64 kilobytes of memory on an affected server to be read with each heartbeat. Worse, the timing of the bug’s disclosure meant that many servers could not be fixed in time to rule out some level of exploitation.
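The over-read came from trusting the payload length stated inside a heartbeat message instead of checking it against the size of the record actually received. The following is an added example, not OpenSSL's code: it assumes the RFC 6520 message layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding), and the function names and sample messages are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HB_HEADER_LEN  3   /* 1-byte type + 2-byte payload_length (RFC 6520) */
#define HB_MIN_PADDING 16  /* RFC 6520 requires at least 16 padding bytes */

/* Constructed samples. Honest: claims 4 payload bytes, carries 4 + padding. */
static const uint8_t HB_HONEST[23] = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g' };
/* Inconsistent: claims 65535 payload bytes but carries 1 + padding. */
static const uint8_t HB_INFLATED[20] = { 0x01, 0xFF, 0xFF, 'x' };

/* 16-bit big-endian length the sender claims; caller ensures rec_len >= 3. */
static size_t hb_claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Flawed logic: trusts the claimed length. Only computes how many bytes a
 * reply would copy from rec + 3; it performs no copy itself. */
size_t hb_echo_len_unchecked(const uint8_t *rec, size_t rec_len) {
    return rec_len < HB_HEADER_LEN ? 0 : hb_claimed_len(rec);
}

/* Bytes beyond the received record that the flawed logic would read. */
size_t hb_overread(const uint8_t *rec, size_t rec_len) {
    size_t want = hb_echo_len_unchecked(rec, rec_len);
    size_t have = rec_len > HB_HEADER_LEN ? rec_len - HB_HEADER_LEN : 0;
    return want > have ? want - have : 0;
}

/* Hardened logic: 0 and *echo_len on success, -1 if the message must be
 * discarded because the claimed length does not fit the received record. */
int hb_echo_len_checked(const uint8_t *rec, size_t rec_len, size_t *echo_len) {
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING) return -1;
    if (hb_claimed_len(rec) > rec_len - HB_HEADER_LEN - HB_MIN_PADDING) return -1;
    *echo_len = hb_claimed_len(rec);
    return 0;
}

int main(void) {
    size_t n = 0;
    int ok = hb_echo_len_checked(HB_HONEST, sizeof HB_HONEST, &n);
    printf("honest:   checked=%d over-read=%zu\n", ok, hb_overread(HB_HONEST, sizeof HB_HONEST));
    ok = hb_echo_len_checked(HB_INFLATED, sizeof HB_INFLATED, &n);
    printf("inflated: checked=%d over-read=%zu\n", ok, hb_overread(HB_INFLATED, sizeof HB_INFLATED));
    return 0;
}
```

Because the length field is 16 bits wide, the largest claim is 65535 bytes, which is where the 64-kilobyte ceiling per heartbeat comes from.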

It is therefore prudent to assume that at least one of your passwords may have been compromised by Heartbleed. The most widely recommended course of action is to change all of your passwords on all websites once the patch has been applied to them. At this point, all major and nearly all minor sites will have the appropriate fixes in place. So take the time to change and memorize a new set of passwords now, if you haven’t already done so.

There is also a handy test you can run on any URL to verify that it is no longer vulnerable to Heartbleed.